METHOD OF AUTHENTICATING A CHANNEL AUTHORIZATION USING A NETWORK ACCESS DEVICE IN A
COMBINED BROADCASTING AND COMMUNICATION SYSTEM



CLAIM OF PRIORITY

This application claims priority to an application entitled "Method of
authenticating a channel authorization using a NAD(Network Access Device) in a
combined broadcasting and communication system," filed in the Korean Intellectual
Property Office on May 20, 2003 and assigned Serial No. 2003-31973, the contents of
which are hereby incorporated by reference.



BACKGROUND OF THE INVENTION 

1. Field of the Invention

The present invention relates to a combined broadcasting and communication
system, and more particularly to a method of authenticating a channel authorization of a
user during the combined service mode.



2. Description of the Related Art 

FIG. 1 is a block diagram illustrating a general optical transmission network which
provides a broadcasting service as well as a communication service. Referring to FIG. 1, a
broadcasting service provider and a communication service provider transmit
corresponding services to an OLT (Optical Line Terminal) 20. An optical cable is
connected between the OLT 20 and an ONU (Optical Network Unit) 30 to exchange signals,
such that when the corresponding service is provided from the ONU 30 to the user, the
broadcasting service and the communication service can be transmitted separately. A set
top box (STB) is commonly used for the transmission of the broadcasting service. The
broadcasting service may be transmitted using an HFC (Hybrid Fiber Coaxial) cable
network, a wireless network, or an optical cable such as FTTH.

When providing the broadcasting service, it is necessary to authenticate the user's
authorization to access the broadcasting service and to perform the related accounting. To
this end, an AAA (Authentication, Authorization and Accounting) server 10 is typically
employed. The AAA server 10 provides authentication, authorization and accounting
functions as the user tries to access computer resources.

FIGs. 2a and 2b are flowcharts illustrating the examples of a related art 
authentication process used in the broadcasting service. 

Generally, in order to obtain an authorization for a channel desired by the user,
private information is exchanged between the user's STB 40, the ONU 30 used for
switching broadcasting stream to the user, and the AAA server 10. To receive a
broadcasting service, the user activates the STB 40 to request a channel to the ONU 40, and
in response, the ONU 30 requests the authorization to the AAA server 10, or the user's STB
40 requests the authorization to the AAA server 10 directly and then requests the desired
channel to the ONU 30 using the authorization provided by the AAA server 10.

FIG. 2a is a flowchart illustrating the process in which the user (via STB 40)
requests a channel from the ONU 30, and in turn, the ONU 30 requests the authorization
from the AAA server 10 to perform the authentication. As shown, the STB 40 first requests a
desired broadcasting service from the ONU 30 (step 201). Then, the ONU 30 asks the
AAA server 10 whether the user has the authorization to access the corresponding service
(step 202). At this time, the AAA server 10 performs the authentication, and transmits the
result of the authentication process to the ONU 30 as an authorization response (step 203).
Thereafter, the ONU 30 provides the request service response according to the
authentication result to the STB 40 (step 204).

FIG. 2b is a flowchart illustrating the process in which the user (e.g., STB 40)
requests an authorization to the AAA server 10 directly and then requests a desired channel
to the ONU 30 with the authentication approval. As shown, the STB 40 first requests
whether it has the authorization to access the desired service by requesting an authorization
to the AAA server 10. In response, the AAA server 10 performs the authentication, and
transmits the authentication result to the STB 40 as an access response (step 206). Then, the
STB 40 requests the broadcasting service according to the authorization result to the ONU
30 (step 207), and the ONU 30 provides the service to the STB 40 (step 208).

In order to obtain the broadcasting service from the ONU 30, the prior art requires
the authorization to be received from the AAA server 10 or through the ONU 30. Accordingly,
it takes longer for the STB 40 to request a channel and obtain the service using the prior art
methods. Moreover, as the number of STBs 40 and services desired by the STBs 40
increases, the traffic between the ONU 30 and the AAA server 10 also increases, causing
more delay in obtaining the service. Furthermore, in the case that the AAA server 10
malfunctions or the ONU 30 and the AAA server 10 cannot communicate with each other,
no service is provided to the STB 40.

SUMMARY OF THE INVENTION 

Accordingly, the present invention has been made to overcome the above-mentioned
problems and provides additional advantages, by providing a method of
authenticating a channel authorization using a NAD (Network Access Device) in a
combined broadcasting and communication system, so that an authorization process of a
user can be performed without the aid of an AAA server.

One aspect of the present invention is to provide a method of authenticating a
channel authorization using a NAD in a combined broadcasting and communication system,
so that a service can be provided to a user promptly as the user requests a channel change
during viewing.

Another aspect of the present invention is to provide a method of authenticating a
channel authorization using a NAD in a combined broadcasting and communication system
so that an AAA server only transmits a change in the service request to the NAD in response
to the user's requests.

Yet another aspect of the present invention is to provide a method of authenticating
a channel authorization using a NAD in a combined broadcasting and communication
system which can improve the QoS (Quality of Service) for a user by enabling the NAD to
process a channel authorization of a user even when a communication with the NAD is not
feasible due to the malfunction of an AAA server.

A further aspect of the invention is to provide a method of authenticating a channel
authorization using a NAD (Network Access Device) in a combined broadcasting and
communication system, which includes a plurality of STBs (Set Top Boxes) for receiving a
broadcasting, an OLT (Optical Line Terminal)/ONU (Optical Network Unit) for transferring
a broadcasting stream to the STBs, and an AAA (Authentication, Authorization and
Accounting) server for a channel authentication. The method includes a first step of
preparing the NAD for determining whether to switch the broadcasting stream to the STBs
in the ONU, a second step of initializing the NAD and storing authentication information of
the channel authorization from the AAA server by booting the NAD, a third step of the
NAD performing an authentication using the stored authentication information of the
channel authorization in accordance with a channel request from the STB and switching the
requested channel, and a fourth step of changing and storing the authentication information
of the channel authorization in accordance with an update signal of the authentication
information of the channel authorization from the AAA server.

BRIEF DESCRIPTION OF THE DRAWINGS

The above features and advantages of the present invention will be more apparent 
from the following detailed description taken in conjunction with the accompanying 
drawings, in which: 

FIG. 1 is a block diagram illustrating an example of a general optical transmission
network which provides a broadcasting service and a communication service;

FIGs. 2a and 2b are flowcharts illustrating examples of an authentication process
for the broadcasting service in the related art;

FIG. 3 is a flowchart illustrating a method of authenticating a channel authorization
using a NAD in a combined broadcasting and communication system according to the
present invention;

FIG. 4 is a flowchart illustrating a process of initializing a NAD in a method of
authenticating a channel authorization using a NAD in a combined broadcasting and
communication system according to the present invention;

FIG. 5 is a flowchart illustrating an authentication process performed by a NAD in
a method of authenticating a channel authorization using a NAD in a combined
broadcasting and communication system according to the present invention; and

FIG. 6 is a flowchart illustrating a process of updating a NAD in a method of
authenticating a channel authorization using a NAD in a combined broadcasting and
communication system according to the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT 

Hereinafter, the method of authenticating a channel authorization using a NAD in a
combined broadcasting and communication system according to preferred embodiments of
the present invention will be described with reference to the accompanying drawings. For
the purposes of clarity and simplicity, a detailed description of known functions and
configurations incorporated herein will be omitted as it may make the subject matter of the
present invention unclear.

To help understand the invention, the following definitions are used:

The terms "ticket" and "class" signify means for defining a channel authentication
information of a user. In particular, the term "ticket" represents an authorization assigned to
a user and may be expressed by a class (or a channel authorization). The term "class" is a
set of broadcasting channels classified according to the characteristic or the policy of a
broadcasting channel. Thus, "ticket" is a set of classes assigned to a given user. For
example, if a certain user group is expressed by a class, users in the user group
corresponding to the class have the same authorization. Also, by giving different channel
authorizations to the respective users, a specialized authorization can be given to each and
every user. That is, by giving different channel tickets to respective users, it becomes
possible for a specified user to use the channel to which a specified ticket is given.

FIG. 3 is a flowchart illustrating a method of authenticating a channel authorization
using a NAD (Network Access Device) in a combined broadcasting and communication
system according to the present invention.

According to the inventive method, a NAD is provided in an ONU (Optical
Network Unit), so that an authentication can be performed with the NAD without using an
external AAA server 10. Hence, the NAD serves to determine whether to switch a
broadcasting stream from an ONU 30 to an STB 40. That is, if the switching of the
broadcasting stream is requested, the NAD determines whether to permit the requested
switching or not.

The operation of the NAD is briefly divided into an initializing process, a
processing process, and an updating process.

First, the NAD is initialized (step 31). In order to initialize the NAD, a class from
the AAA server 10 and ticket information from the AAA server 10 are sent to the NAD and
then stored in a RAM or NVM (Non-Volatile Memory) of the NAD (step 32). A service
preparation can begin by loading the received information. This initializing process is
performed only once during the booting of the NAD, and thus this does not affect the
performance of the whole system.

Then, the authentication (e.g., giving the authorization) is performed using the
stored class and ticket information (step 33). That is, with respect to a channel request
from the STB 40, the NAD does not query the AAA server 10, but determines the
authorization of the STB 40 using the stored class and ticket information.

At this time, the NAD confirms whether the stored class and ticket information has
been updated (step 34). If it is confirmed that the information is not updated, the NAD
continuously performs the authentication using the stored class and ticket information (step
33). However, if it is confirmed that the stored class and ticket information has been
updated, the NAD stores new class and ticket information (step 35), and performs the
authentication using the new class and ticket information (step 33). In an alternate
embodiment, a periodic update occurs regardless of receiving a channel request from a STB
user or when the information of the AAA server is changed. That is, the AAA server 10
periodically transmits the ticket information or the class to the NAD in order to update the
stored class and ticket information, or transmits the new information to the NAD when one
of the ticket information or the class has changed. Here, only the ticket or class information
that has changed may be transmitted to reduce the data capacity.

Now, the method of authenticating a channel authorization using a NAD in a
combined broadcasting and communication system according to the present invention will
be explained in further detail with reference to FIGs. 4 to 6.

FIG. 4 is a flowchart illustrating the process of initializing a NAD according to the 
present invention. 

As shown, if the NAD of the ONU 30 is booted, the NAD requests initialization
from the AAA server (step 401), and in response, the AAA server 10 transmits the ticket
information and/or the class to the NAD (step 402). Then, the NAD stores the transmitted
ticket information and/or the class (step 403).

FIG. 5 is a flowchart illustrating the authentication process performed by a NAD
according to the present invention.

As shown, if the STB 40 requests the service (e.g., channel) (step 501), the NAD
determines whether to provide the service (channel) based on the stored class and the ticket
information without connecting to the AAA server 10 (step 502). The NAD then
responds to the service (channel) request from the STB 40 (step 503): if the STB 40
requested an authorized channel, the NAD provides the requested channel to the STB 40. If the
STB 40 is not authorized, the NAD refuses the service.

A given service may expire after the authorized time period expires. As such,
after switching, the NAD examines whether a user is watching an unauthorized
broadcasting channel by monitoring the channel watched by the user at a predetermined
interval. Alternatively, the NAD periodically checks to see whether to continue the service
by checking whether the STB 40 still has the authorization.

FIG. 6 is a flowchart illustrating the process of updating a NAD according to the
present invention.

The values of the ticket information and the class are not permanent but may be
changed according to a user's request or as occasion demands. In the prior art, since the
AAA server 10 directly performs the authentication, an additional update was not required
with respect to the subsequent information changes. However, according to the present
invention, the authentication is performed using the ticket information and the class
information stored during the initializing process, thus the update is desired to reflect any
change. The update may be classified into two representative types: One is a periodic
update performed by the AAA server 10, and the other is an update performed with respect
to the changed contents only when the contents stored in the AAA server 10 are changed.

As shown in FIG. 6, if the AAA server 10 detects that the class and the ticket
information require an update (step 601), the update of the class and ticket information is
performed in the NAD of the ONU 30 (step 602), and then the NAD of the ONU 30
transmits a message indicative of the completion of the update (step 603). Thereafter,
the subsequent operation steps are identical to those of FIG. 5. That is, if the STB 40 requests a
service (e.g., channel) (step 604), the NAD determines whether to provide the service (e.g.,
channel) in accordance with the updated class and ticket information without connecting to
the AAA server 40 (step 605). Then, the NAD provides the service (e.g., channel) to the
STB 40 after the authentication process. That is, if the STB 40 has requested an authorized
channel, the NAD switches the channel to the STB, and otherwise, it does not switch the
channel to the STB. Note that if the available service of a user has expired based on the
updated information, the NAD determines whether to continue providing the service
by checking whether the STB has the authorization with respect to the service.

In the event there is a frequent and periodic update in the prior art, the provision of
the service may be interrupted when the class and the ticket information are changed during
an update period. In addition, since the whole information must be transmitted during the
update operation, the load on the system may increase. However, in the
preferred embodiment of the present invention, the NAD update is considered to be the
update of the changed contents when the AAA server 10 detects the change, thus
overcoming the prior art problems.
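
The initialization (FIG. 4), local authentication (FIG. 5) and changed-contents update (FIG. 6) described above can be modelled as follows. This is an added example, not part of the original application; the class Nad, its method names, the STB identifiers and the sample class and ticket tables are assumptions made for illustration.

```python
# Added illustration (not from the patent): in-memory model of the NAD.
# Class, method and STB names are hypothetical; sample data is constructed.

class Nad:
    def __init__(self):
        self.classes = {}  # class name -> set of channel numbers
        self.tickets = {}  # STB id -> set of class names (the "ticket")
        self.active = {}   # STB id -> channel currently switched to it

    def initialize(self, classes, tickets):
        """Steps 401-403: store the full class and ticket tables at boot."""
        self.classes = {name: set(chs) for name, chs in classes.items()}
        self.tickets = {stb: set(cls) for stb, cls in tickets.items()}

    def is_authorized(self, stb, channel):
        """Step 502: decide from stored data only; unknown STBs are denied."""
        return any(channel in self.classes.get(c, ())
                   for c in self.tickets.get(stb, ()))

    def request_channel(self, stb, channel):
        """Steps 501-503: switch the stream only for an authorized channel."""
        if not self.is_authorized(stb, channel):
            return False
        self.active[stb] = channel
        return True

    def apply_update(self, classes=None, tickets=None):
        """Steps 601-603: apply changed entries only (assumed convention:
        a value of None deletes the entry), then re-check active streams."""
        for table, delta in ((self.classes, classes), (self.tickets, tickets)):
            for key, value in (delta or {}).items():
                if value is None:
                    table.pop(key, None)
                else:
                    table[key] = set(value)
        return self.recheck()

    def recheck(self):
        """Periodic check: stop streams whose authorization no longer holds."""
        revoked = [stb for stb, ch in self.active.items()
                   if not self.is_authorized(stb, ch)]
        for stb in revoked:
            del self.active[stb]
        return revoked

def demo():
    nad = Nad()
    nad.initialize(
        classes={"basic": {1, 2, 3}, "sports": {10, 11}},
        tickets={"stb-A": {"basic", "sports"}, "stb-B": {"basic"}},
    )
    results = [
        nad.request_channel("stb-A", 10),  # sports is on stb-A's ticket
        nad.request_channel("stb-B", 10),  # stb-B holds basic only
        nad.request_channel("stb-X", 1),   # no ticket stored: denied
    ]
    # Delta update: only stb-A's changed ticket is sent, not the whole table.
    revoked = nad.apply_update(tickets={"stb-A": {"basic"}})
    return results, revoked, nad.request_channel("stb-A", 2)
```

In this model a request from an STB with no stored ticket is refused, and a ticket change takes effect on streams already being delivered as soon as the update is applied.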

As described above, the method according to the present invention can process the
authorization of the user separately from the AAA server with respect to a user's request such
as a channel change that frequently occurs in the broadcasting service, and thus it can
provide the service promptly, without an undesirable delay, to the user. Also, the method
according to the present invention can reduce the load of the system by making the AAA
server transmit the changed ticket information and the class to the NAD only when the
authorization of the user is changed. Moreover, the method according to the present
invention can enable the NAD to process the authorization even when a communication
with the NAD is down due to a malfunction in the AAA server. Furthermore, the method
according to the present
invention can make an operator give the authorization according to the users and channels,
and thus diverse types of service models can be proposed. It should be noted that the
method according to the present invention can be implemented by programs and can be
stored in recording media such as CD ROM, RAM, floppy disc, hard disc, optomagnetic
disc, etc., in a computer-readable form.

While the invention has been shown and described with reference to certain
preferred embodiments thereof, it will be understood by those skilled in the art that various
changes in form and details may be made therein without departing from the spirit and
scope of the invention as defined by the appended claims.